Heavy Networking from Packet Pushers
Summary: Join the Packet Pushers for weekly (or more!) conversations about data networking. Continuous professional development. Architecture and design, software defined, cloud, routing, switching, security, wireless, campus, enterprise, and more. Technical discussions with vendors about their products, deep dialog with real people who make networks work.
On today’s sponsored Heavy Networking episode we speak with AppNeta. AppNeta wraps user metadata around Netflow records, deep packet inspection, and discovery of networks to provide a complete picture of application performance. You can find out more at AppNeta.com/packetpushers. With AppNeta, engineers get a continuous view of end user performance and the telemetry to find and fix problems. Delivered as a cloud service, AppNeta supports virtual and physical monitoring points, so customers can choose the configuration that fits their needs. Physical appliances range from 100% solid-state devices that are half the size of home cable boxes, to data center-class rackmount options with redundant power supplies and support for up to 100Gbps. Our guests from AppNeta are Adam Edwards, Chief Customer Officer; and Sean Armstrong, VP of Products. We discuss the kinds of data that AppNeta collects and analyzes, explore common use cases, and dive into the value of user experience for performance and troubleshooting. Show Links: AppNeta.com/packetpushers AppNeta Blog AppNeta on Twitter AppNeta on LinkedIn
Welcome to Packet Pushers Heavy Networking. In this sponsored show with VIAVI Solutions we dive into the intersection of Network Performance Management (NPM) and security. VIAVI has a substantial portfolio of products, but today’s episode focuses on the Observer family–including Apex, GigaStor, and GigaFlow–for NPM and security use cases. We discuss how VIAVI performs full packet capture for detailed analysis of performance and security events, how VIAVI enriches flow records with additional data to provide valuable context, and how the concept of end user experience informs its approach to NPM. We also examine the critical role Observer can play in security operations, including the forensic value of high-fidelity packet capture, and why it’s essential for network and security teams to work from the same data sources. Our guests from VIAVI are Charles Thompson, Sr. Director, Product Management; and Mike McGrath, Partner Director. Show Links: VIAVI Solutions VIAVI on Twitter VIAVI on LinkedIn
Today on Heavy Networking, we return to the subject of networking in AWS, with a focus on AWS Transit Gateways. The Transit Gateway is an evolution of Amazon’s transit VPC. It centralizes VPN connectivity to multiple VPCs, allowing for greater scale as well as simplified connectivity and management of the VPNs that connect VPCs. Nick Matthews is our inside guide to this service. He’s a Principal Solutions Architect at AWS. Nick will also peel back the onion on other networking features including Global Accelerator, TLS termination on Network Load Balancer, and odds and ends such as Client VPN. In addition, Nick shares details about the technology and architecture that underpins Amazon’s networking services. This is not a sponsored show. More and more listeners are involved with cloud networking, so this episode aims to help you understand what you’re getting into. We first heard from Nick back in show 387. If you’d like some insight into what’s really happening under the hood of AWS networking, that’s a good place to start. Sponsor: ITProTV Get dozens of hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation.
Show Links: Weekly 387: AWS Networking – A View From The Inside – Packet Pushers Nick Matthews on Twitter AWS Transit Gateway – AWS Blog AWS re:Invent Session NET402: AWS Transit Gateway & Transit VPCs, Ref Arch for Many VPCs – Nick Matthews at AWS re:Invent via YouTube Shuffle Sharding: Massive and Magical Fault Isolation – AWS Blog AWS Global Accelerator – AWS Blog AWS VPC Sharing – AWS Docs AWS Client VPN – YouTube AWS C5n – 100g instances – AWS Network Load Balancer Now Supports TLS Termination – AWS New – TLS Termination for Network Load Balancers – AWS News Blog A collection of AWS re:Invent videos and p...
Three SD-WAN analysts walk into a podcast. No, it’s not the start of a joke. Today’s Heavy Networking dives into the business and strategy aspects of SD-WAN with three guest analysts. We look at the business drivers of SD-WAN, compare market hype to actual deployments, debate the notion you can ditch MPLS for DIA, and get insights about the operational challenges and cost considerations that come with SD-WAN. Our guests also talk about deployment strategies, offer advice on how to build a vendor shortlist, and explore the concept and ramifications of SD-WAN as a multi-sided market. Our professional pontificators are Greg Bryan from Telegeography, Jason Gintert from WAN Dynamics, and Steve Garson from SD-WAN Experts. Sponsor: INE If you’re looking for training, consider INE.com. INE is a training resource for networking and a whole lot more. Visit ine.com/packetpushers to get a free 3-day trial. INE–experts at making you an expert. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: Telegeography Blog WAN Summit SD-WAN Experts.com SD-WAN Experts on Twitter Steve Garson on Packet Pushers WAN Dynamics.com Jason Gintert on Twitter Packet Pushers SD-WAN Survey – Packet Pushers Ignition (free membership required)
In today’s sponsored podcast, InterOptic returns to update us on SFP modules. Based on the feedback we get, lots of people aren’t happy about how brand vendors price SFPs. And when you look at alternatives, there’s a wide variety of suppliers making the same products, but it’s hard to tell what the actual difference is. Decision paralysis, here we come. InterOptic produces optics with the same capabilities and quality as brand-equivalent modules, but at a significantly reduced cost. We look at how InterOptic uses the same manufacturers as OEMs and how that impacts your ROI, the role of firmware in modules and why it’s important to get the firmware right, and the rise of 400G. We also look at emerging trends in the optics market, the differences between OSFP and QSFP, and the state of silicon photonics. Joining us today is Robert Coenen, Vice President of Business Development at InterOptic. And for an independent perspective, we’re also joined by Tim Doiron, Principal Analyst, Intelligent Networking at ACG Research. Show Links: InterOptic.com InterOptic on Twitter Show 360: All About Optics With InterOptic (Sponsored) – Packet Pushers
Welcome to Heavy Networking, a podcast on data networking that gets ‘heavy’ with the conversation. Back in May 2011 I first met our guest, Guido Appenzeller, with a startup that was working on the idea of Software Defined Networking–a company called Big Switch Networks. While OpenFlow didn’t work out the way we both thought it would, Big Switch Networks continues today, but in 2014 Guido joined his colleague from Stanford, Martin Casado, in the NSX business unit. After four years at VMware leading and building the NSX business as CTO, he is leaving for new pastures. But before he gets there, we wanted to have a discussion about the future of networking. We talk about the role of public cloud in IT, where the industry is with the adoption of “software-defined,” the rise of whitebox, the P4 programming language, and more. We also find out about Guido’s new gig at Yubico. Sponsor: INE If you’re looking to take the next step in your career, INE is a training resource for networking and a whole lot more. With an INE subscription, you’ll gain unlimited streaming access to over 13,000 training videos, workbooks, and practice exams on Cisco, AWS, Microsoft, Linux, Google and more! Visit ine.com/packetpushers to get a free 3-day trial. INE: Experts at making you an expert. Sponsor: ThousandEyes ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can migrate to the cloud, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt. Show Links: Guido Appenzeller on Twitter Guido’s Blog
Forward Networks returns to talk more about network modeling and verification in today’s Heavy Networking podcast. We discuss Forward Networks’ approach to network modeling, verification, and assurance; and examine how the software is being used in production networks. We also explore new features and capabilities, including the ability to leverage Forward’s data model for other applications and management systems. It also supports NSX-V to give network engineers more insight into how overlays and the underlay intersect, and lets engineers build queries and verification for both network layers. Forward now also models AWS VPCs for hybrid cloud analysis. Our guests are Peyman Kazemian, Co-Founder; and Chiara Regale, VP of Product Management. Show Links: Forward Networks/packetpushers Forward Networks on Twitter Forward Networks – YouTube Show 374: Network Modeling & Verification With Forward Networks (Sponsored) – Packet Pushers
DNS Flag Day was February 1st, 2019. On this day, a number of major DNS software and service providers, including Google, Cisco, and Cloudflare, stopped supporting workarounds for DNS authoritative systems that didn’t support EDNS (Extensions to DNS). EDNS, which was standardized in 1999 and updated in 2013, makes DNS more efficient and allows the creation of new functionality such as DDoS protection. However, workarounds deployed to accommodate non-compliant systems added complexity and made the service harder to operate. By ending backwards-compatibility, service providers, Web giants, and organizations such as the Internet Systems Consortium hope to compel operators to upgrade and take full advantage of DNS’s capabilities. On today’s Heavy Networking we discuss DNS Flag Day and its potential impacts on non-compliant systems, examine EDNS, and more. Our guest is Cathy Almond, Sr. Support Engineer and Team Lead at the Internet Systems Consortium. Show Links: DNS Flag Day – February 1, 2019 – Internet Systems Consortium Tech Notes: DNS Flag Day – February 1, 2019 – EtherealMind 2019 | DNS flag day – DNS Flag Day.net Knowledge Articles-DNS Flag Day – will it affect you? – Internet Systems Consortium Knowledge Articles-DNS Flag Day – Notes for Authoritative Zone Owners and DNS Hosting Companies – Internet Systems Consortium
Today’s Heavy Networking examines a bunch of hot topics in networking and IT to see what’s hype and what’s reality. The tech industry is full of buzzwords and emerging technologies that attract media attention, spur speculation, and get engineering brains spun up. But is anyone actually using this stuff? That’s what we aim to find out today. We’ll do our best to separate the sensational from the substantial on topics including: * Software-defined X * DevNetOps and Cloud Native * Streaming telemetry * Container networking and service meshes * Microsegmentation * Formal verification * AI, blockchain for IT, and more Joining us to share their own perspectives and what they’re hearing from customers are Avi Freedman, CEO and Co-founder of Kentik; and Jon Mendoza, Field CTO at Technologent.
Today’s Heavy Networking episode dives into gaming networks. Our guest is Tim Raphael. He volunteers for Red Flag LAN Fest (Rflan), a non-profit that runs Bring Your Own PC (BYOPC) gaming events. Players show up with a computer, and Tim and his team provide the desk, chair, power and network. It’s like your college LAN parties of old, but way bigger. Rflan has hosted up to 800 to 900 people at a single event. Tim and Ethan discuss how Rflan builds networks for these events and why automation is essential to make it feasible. They dive into details on the core network gear, what they monitor during games (capacity, link quality, uptime, service monitoring, and more) and how they troubleshoot. In his day job, Tim is a peering engineer at the Internet Association of Australia. Sponsor: ExtraHop Today’s episode is brought to you in part by ExtraHop. ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. Visit extrahop.com/packetpushers for an interactive demo to find out more. Show Links: Rflan.org Tim Raphael on Twitter Timraphael.com
On today’s Heavy Networking we discuss some of the advanced features related to zero touch provisioning (ZTP) on IOS-XR in this Cisco-sponsored episode. Why advanced? Because we hit ZTP fundamentals in episode 378. In this episode we’ll review a few ZTP basics to refresh your memory, and then talk through tooling to help with golden image creation and model-driven ZTP automation. We also dive into the unique challenge of using ZTP to stand up access networks with lots of devices, and review ZTP security mechanisms. Our guest is Akshat Sharma, a Technical Marketing Engineer at Cisco and a returning Packet Pushers guest. Show Links: Working with Zero Touch Provisioning IOS XR Device Lifecycle – @xrdocs (Cisco) Show 378: Cisco Zero Touch Provisioning (Sponsored) – Packet Pushers Golden ISO build tool – GitHub IOS-XR ZTP python library and samples – GitHub IOS-XR ZTP Learning through Packet captures – @xrdocs (Cisco)
Today’s Heavy Networking continues a conversation we started back in Weekly Show 410, where we discussed the transition the broadcast industry is making to IP. In that episode, we covered the technical legacy of the broadcasting industry, how IP is starting to be used, and the impact to network engineering as a whole. Today, we consider the challenges IP networks face when implemented in a broadcasting environment, and why IP is moving ahead anyway. Our guests are Ricki Cook, a solutions architect who specializes in broadcasting (and also edits Packet Pushers audio); and Cyrus Hira, Customer Success Manager at Densify who also has experience with broadcast networks (and also edits Packet Pushers audio). We examine the particular challenges of transitioning broadcast networks to IP from their legacy transport mechanisms, key technical standards for broadcast media such as SMPTE ST2110, interoperability challenges, and more. We also discuss real-world projects that Ricki and Cyrus have worked on. Sponsor: ExtraHop Today’s episode is brought to you in part by ExtraHop. Think analytics, folks. ExtraHop is the enterprise cyber analytics company delivering performance and security from the inside out. Visit extrahop.com/packetpushers for an interactive demo to find out more. Show Links: Weekly Show 410 – Broadcast Media Using IP Networks – Packet Pushers Joint Task Force on Networked Media – Advanced Media Workflow Association (PDF) IP Solutions: Innovation Around the World – The Andrews Hubs RickiCook.com
Welcome to the Packet Pushers Heavy Networking show. No, this isn’t a new show in our line-up. It’s the Weekly Show you’ve known since 2010, now with a new name. Why the name change? One reason is to reflect our growth. When Packet Pushers first launched, this was the only show we did. The podcast was published once a week, so voila–the Weekly Show. Over the years, we’ve grown into a network of technical podcasts across multiple channels, so we thought it was time to freshen up the name on the podcast that started it all. Second, it’s a reflection of how the industry has changed. Ten years ago, you could nestle into your technical silo and not worry too much about what was happening in other areas. That’s not the case any more. IT engineers need to have knowledge in many disciplines. Our podcast network reflects that: shows like IPv6 Buzz, Datanauts, and Full Stack Journey delve into all kinds of IT infrastructure, and aim to help your professional development. Of course, you still need deep expertise, so when you want to focus on networking technology, Heavy Networking is our main channel. We’ve changed the name, but if you’re subscribed to the Weekly Show you don’t need to do anything. You’ll still get this show in your favorite podcatcher. Not Just Navel-Gazing Don’t worry, the whole show isn’t just about us. We also analyze some trends and issues we think will have an impact in 2019. They include: * How SD-WAN will disrupt traditional telco business * Whether a managed SD-WAN service makes sense * What skills and expertise will be of value in 2019 and beyond * How much should you be learning about the cloud * Why deep networking knowledge still matters
In October 2018, Bloomberg published an article making unsubstantiated claims about a supply chain breach in servers. The story, which Bloomberg stands by but is widely regarded as wrong, draws attention to a significant issue: our technology infrastructure is undergirded by a global supply chain that could be compromised by malicious actors. This got me thinking about hardware secure enclaves such as: * Intel Trusted Execution Technology (Intel TXT) * Intel Software Guard Extensions (Intel SGX) * ARM Cryptoisland, which includes features for secure manufacturing, implemented as Cryptocell Today’s show dives into issues around supply chain security and related technologies. My guests are Greg Shipley, Deputy Director at Cyber Reboot, an In-Q-Tel Lab; and Justin Wilder, Vice President at In-Q-Tel. Our conversation aims to: * Provide a high-level overview of TXT, SGX, etc., and why they matter * Explore how the market has (attempted to) implement some of these approaches, what has worked, and what hasn’t * Examine what trusted execution or similar measures look like in the routing and switching world * Propose some ideas on how to move the whole thing forward Sponsor: InterOptic InterOptic offers high-performance, high-quality optics at a fraction of the cost. If you’re not doing optics correctly, you’re going to pay for it upfront (and then later too). Don’t be fooled by lesser optics. The difference between generic third-party and brand-equivalent optics matters. Go to InterOptic.com to learn more. Sponsor: Cumulus Networks By building innovative data center products with Linux, Cumulus offers unprecedented interoperability, agility and scale, and makes integrating your open source software with your proprietary software seamless and efficient. To learn more about Cumulus’ open source philosophy and contributions, head to cumulusnetworks.com/openpod.
Show Links: Intel® Trusted Execution Technology (Intel® TXT) Overview – Intel Intel® Software Guard Extensions (Intel® SGX) – Intel Cryptoisland Family – ARM Cyber Reboot Cyber Reboot blog Cyber Reboot on Twitter
When it comes to data center security, gigantic middlebox firewalls can be problematic. You have issues with scale and workload placement, latency challenges, and the potential for pain when you need to upgrade. A big firewall also isn’t the best tool to deal with east-west traffic inspection, and has limited utility for containing a breach. Microsegmentation is a relatively new architecture that defines by host or subnet who can talk to whom about what. And it does it with a centralized policy and distributed firewalls. You get manageability, scale, and a reduced attack surface with microsegmentation. On today’s Weekly Show we dive into microsegmentation with our sponsor, Illumio. We discuss how Illumio works, how it can limit the impact of a breach, and how to deploy and run a microsegmentation architecture at scale. Our guest is Matt Glenn, VP of Product Management. In this episode we cover: * Illumio’s two core elements: the policy compute engine and the virtual enforcement node * How Illumio builds a live application dependency map to create security policies * How the platform leverages existing host controls such as iptables to enforce security policies * How the product works on premises and in public clouds * Running Illumio in a brownfield environment * How Illumio can help you clean up your CMDB Show Links: Illumio Adaptive Security Platform (ASP) Documentation Center Illumio Blog Illumio Presents At Network Field Day 19 – Tech Field Day